(Resolved) help me please

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Falcon_Courage

Thread Starter
Joined
Nov 20, 2001
Messages
12
okay, when I turn on my computer, the internet comes up with thiss porn site. It was most likely one of my brother's doings, but I don't know how to stop it. It's not on startup mode either.
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Hiya and welcome

Go to Run and type MSINFO32. On the left choose Software Enviroment, then Startup Programs. Copy/paste the list.

It may be a dialer, so using the sites name, do a search. You may want to empty your tempory Internet Files.

Regards

eddie
 
Joined
May 18, 2001
Messages
1,199
Hi Falcon_courage,Go to Start>Settings>control panel>Internet options>Change the home page to what you want,click apply then ok.

Let us know if this works for you
 

Falcon_Courage

Thread Starter
Joined
Nov 20, 2001
Messages
12
It's not the homepage thing.
*StateMgr c:\windows\system\restore\statemgr.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Adaptec DirectCD c:\progra~1\adaptec\directcd\directcd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delay c:\windows\delayrun.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DirectX ddhelp32.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DirectX ddhelp32.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Hidserv hidserv.exe run All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HPScanPatch c:\windows\system\hpscanfix.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
hpsysdrv c:\windows\system\hpsysdrv.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ICSMGR icsmgr.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Keyboard Manager c:\program files\netropa\one-touch multimedia keyboard\mmkeybd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
mgavrtclexe c:\windows\mcbin\av\rt\mgavrtcl.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mgavrtclexe c:\windows\mcbin\av\rt\mgavrte.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
MMTray All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MoneyAgent "c:\program files\microsoft money\system\money express.exe" .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSMSGS "c:\progra~1\messen~1\msmsgs.exe" /background .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCHealth c:\windows\pchealth\support\pchschd.exe -s All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ScanRegistry c:\windows\scanregw.exe /autorun All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SchedulingAgent mstask.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
SSDPSRV c:\windows\system\ssdpsrv.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
SystemTray systray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Taskbar Display Controls rundll deskcp16.dll,quickres_rundllentry .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TaskMonitor c:\windows\taskmon.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinampAgent "c:\program files\winamp\winampa.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WNAD c:\windows\wnad.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Okay

I'll go thru this, and try and find it. What I will also do, is give a description about each. Some you can remove to speed yourself, as an additional thing.

Here goes:

*StateMgr: WinME. Windows default for System Restore. Do NOT disable

Adaptec DirectCD: Unless you have a CD-RW in the drive to drag and drop files to it you don't need DirectCD. Available via Start -> Programs - not required

Delay: HP "phone-home" application. Not required

DirectX: Don't normally see this here.Hmmmm...leave

Hidserv: This is the Human Interface Device Server, it is required only if you are using USB Audio Devices you can disable via Msconfig

HPScanPatch: HP patch for certain USB scanners. If unavailable via Start -> Programs

hpsysdrv: This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Keep

ICSMGR: Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you’re sharing the internet on various computers

Keyboard Manager: One-touch Multimedia Keyboard for HP systems. Defines the destination of the shortcut buttons. When you connect to the net it contacts HP at network startup. You have to disable it if you don't want this to happen but that will prevent ALL extra buttons from working though. Keep

LoadPowerProfile: Power management specifics such as monitor shut-off, system standby, etc. Keep

mgavrtclexe: McAfee's Virus Scan Online. I recommend you leave it enabled if you regularily use the internet, especially with the number of viruses being released everyday

MMTray: Musicmatch Jukebox icon in the task tray. Often supplied with HP CD-RW drives. The program works fine without it. Not required

MoneyAgent: Part of Microsoft Money. Not required

MSMSGS: MSN Messenger utility starts up automatically every time you start Windows. If you don't use MSN Messenger, this can be annoying. Available via Start -> Programs - not required

PCHealth: WinME. This is a "scheduler" and does not turn off PC Health

ScanRegistry: keep

SchedulingAgent: Microsoft Scheduling Agent displayed as a box with a stopwatch in the System Tray - only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Recommend you run these at regular intervals anyway so not needed as they can interrupt other programs

SSDPSRV: WinME. For future Plug and Play devices only. Provides Simple Service Discovery Protocol (SSDP) and General Event Notification Architecture (GENA) services for Universal Plug and Play functionality. You can uninstall it by going to Add Remove programs in Control Panel -> Windows Setup -> Communications. Starts up a web server on port 5000

SystemTray: Keep

Taskbar Display Controls: Only appears in MSCONFIG if you have a Display Settings icon in the System Tray allowing resolution changes on the fly. Can also be disabled under Start -> Settings -> Control Panel -> Display -> Settings -> Advanced -> General

WinampAgent: System Tray application that starts up WinAmp media player. Not required - can be started manually from Start -> Programs

WNAD: Spyware added as a result of running a program called "Yo Mama Osama" (osama.exe). Ah, good old spyware. Why had it had to be at the end :p

Have a look here

and then download AddAware from www.lavasoftusa.com Install and run it, ensuring that Deep registry Scan is enabled. remove all except any refernces to Web3000 or new.net. If you're unsure, copy/paste the list here.

Now, this may be causing the problem that you are getting. Ged rid of this little bugger first.

Then, for the others that I said you can remove, go to Run and type MSCONFIG. Go to Startup tab, and uncheck all those you don't need. Apply and restart. If you're unsure about any, do each seperately, but apply and restart each time.

Also, just in case this was downloaded without you knowing, do this. Tools | Internet Options. Advanced tab. Scroll down under Browsing until you see Enable Instal on Demand. Uncheck it.

Regards

eddie
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Thats okay

I'm hoping that the popup box has stopped.

If not, let us know.

See Ya

eddie
 

Falcon_Courage

Thread Starter
Joined
Nov 20, 2001
Messages
12
It hasn't stopped, the first time I tried it it didn't come up. I haven't downloaded that spyware remover yet, so I'll try that. Okay that still didn't work.
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Okay

Go here and download ZoneAlarm www.zonelabs.com Its a firewall, and it will hopefully tell us whats dialing up. Is it when you initially dialup, that this web site appears? Did you have a look at the Homepage that beach mentioned earlier?

It may be a dialer, and if so, it will be costing you money. Just confirm about the HomePage thing and see what ZoneAlarm says.

Regards

eddie
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
You don't need to buy it. Its free. Don't pick the PRO version. Try here:

http://download.cnet.com/downloads/0-10105-108-57636.html?bt.37282.10014..dl-57636

Okay, go to Tools | Internet options. Click on Connections tab. See if any of the porn sites is listed there. If so, remove them.

Also, empty your tempory Internet Folders offline, and also your cookies. Now, go to Internet Options | Programs. 'Reset Web Settings'

Go tou your homepage that you want, go back to Internet Options, and in the General tab, under Home Page click 'use current'.

Did you have AddAware on Deep Registry?

Regards

eddie
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Okay

Lets see. Have you installed ZoneAlarm? If so, have you got anything dialing out? Also, the site that it loads: as its not ethical posting it here, you can email me the link, and I'll have a look. Just click Profile in my reply.

Meanwhile, lets try this: Control panel | AddRemove. Can you see anything that resembles a dialer?

eddie
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Right

been to those two sites and there was no dialer trying to install itself. That leads me to suspect the cookies first of all. Have you deleted them yet?

Go to Windows Explorer. Navigate to c:\windows\cookies or thereabouts. Delete all that you find, and then your recycle bin.


Hang on...something just popped up. I'll have a look.

Let me know.

eddie
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top